Mac OS X Server's adaptive firewall (afctl) does a good job of catching brute-force login attacks on most services, but it doesn't catch PPTP attacks. The script below checks the system log for such attacks, and then uses afctl to block offending hosts for a week (you can, of course, change the parameters if you wish). I recommend using a cron job to run this script every 10-15 minutes.